In the existing long term evolution (LTE) system, the air interface exists only between an evolved NodeB (eNB) and user equipment (UE). There are two types of data over this air interface: radio resource control (RRC) signaling (control plane data) on a signaling radio bearer (SRB); and user plane data on a data radio bearer (DRB). Integrity protection and encryption protection can be provided for the RRC control plane data, and only encryption protection is provided for the user plane data. When encryption algorithms are selected, the same encryption algorithm must be selected for the control plane data and the user plane data.
FIG. 1 shows an access stratum (AS) security algorithm negotiation procedure in the existing LTE system. As shown in FIG. 1, the eNB on a network side selects, based on the UE's security capabilities and an algorithm priority list on the network side, an integrity protection algorithm and an encryption algorithm, and notifies the UE of the selected algorithms. The MAC-I indicates an integrity message authentication code.
A new access network node, the relay node (RN), is introduced in the LTE-A system. The RN plays two roles: a UE role and an eNB role. The RN accesses the network like a legacy UE. The RN then establishes an S1/X2 interface with a donor eNB (DeNB) to switch to the eNB role.
FIG. 2 shows a schematic architecture of an evolved universal mobile telecommunication system (UMTS) terrestrial radio access network (E-UTRAN) after the RN is introduced. With the introduction of the RN, the air interface between the UE and the eNB is divided into two segments. One is the air interface between the RN and the UE, which is called the Uu interface. The other is between the RN and the DeNB, which is called the Un interface. All data transmitted on the Un interface is mapped to the following two types of radio bearers (RBs) for transmission:
1. SRB: for carrying the RRC signaling between the RN and the DeNB.
2. DRB: for carrying S1/X2-AP signaling and S1/X2-UP data.
As such, in addition to the legacy RRC signaling and user data, data transmitted on the Un interface also includes another type of data, that is, the S1/X2-AP signaling (control signaling) carried on the DRB. Furthermore, the user plane data on the Un interface may need to be integrity protected. Therefore, new security requirements arise on the Un interface. The conventional LTE security mechanism may not meet these new security requirements for the user plane data over the Un interface. In addition, the RN system introduces a security demand in which protection is applied at per-RB granularity. The legacy security mechanism, however, cannot provide security protection with such fine granularity.
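The following added example (not part of the original text) models the legacy AS algorithm selection described for FIG. 1 and then checks the resulting protection against the bearers on the Un interface, showing where the legacy mapping falls short. The algorithm identifiers follow 3GPP naming; the capability sets, priority lists, bearer requirements and all function names are constructed assumptions for illustration.

```python
# Added illustration: legacy LTE AS algorithm selection and its per-bearer effect.
# All inputs below are constructed; function names are hypothetical.

def select_as_algorithms(ue_caps, enb_priority):
    """Per algorithm type, pick the first eNB-priority entry that the UE supports."""
    chosen = {}
    for kind in ("encryption", "integrity"):
        match = next((a for a in enb_priority[kind] if a in ue_caps[kind]), None)
        if match is None:
            raise ValueError(f"no common {kind} algorithm")
        chosen[kind] = match
    return chosen

def legacy_protection(chosen):
    """Legacy mapping: one cipher for both planes, integrity on the SRB only."""
    return {
        "SRB": {"encryption": chosen["encryption"], "integrity": chosen["integrity"]},
        "DRB": {"encryption": chosen["encryption"], "integrity": None},
    }

def unmet_requirements(protection, bearers):
    """Names of bearers whose integrity requirement the mapping cannot satisfy."""
    return [
        b["name"] for b in bearers
        if b["needs_integrity"] and protection[b["type"]]["integrity"] is None
    ]

# Constructed sample inputs.
UE_CAPS = {"encryption": {"EEA0", "128-EEA1", "128-EEA2"},
           "integrity": {"128-EIA1", "128-EIA2"}}
ENB_PRIORITY = {"encryption": ["128-EEA2", "128-EEA1", "EEA0"],
                "integrity": ["128-EIA2", "128-EIA1"]}
# Assumed Un-interface requirements: S1/X2-AP signaling on a DRB needs integrity.
UN_BEARERS = [
    {"name": "SRB (RRC)", "type": "SRB", "needs_integrity": True},
    {"name": "DRB (S1/X2-AP)", "type": "DRB", "needs_integrity": True},
    {"name": "DRB (S1/X2-UP)", "type": "DRB", "needs_integrity": False},
]

if __name__ == "__main__":
    chosen = select_as_algorithms(UE_CAPS, ENB_PRIORITY)
    print("selected:", chosen)
    print("unprotected:", unmet_requirements(legacy_protection(chosen), UN_BEARERS))
```

Because the legacy mapping is keyed by bearer type rather than by individual bearer, the two DRBs cannot be given different protection, which is the per-RB granularity gap the text describes.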